{"id":"CVE-2025-12967","details":"An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users.\n\nWe recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1","aliases":["GHSA-4jvf-wx3f-2x8q"],"modified":"2026-04-02T12:32:55.635239Z","published":"2025-11-10T18:16:06.043Z","related":["GHSA-4jvf-wx3f-2x8q","GHSA-7wq2-32h4-9hc9","GHSA-7xw4-g7mm-r4hh","GHSA-8wj8-cfxr-9374","GHSA-q327-fgm8-7mxf"],"references":[{"type":"WEB","url":"https://github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2025-10-17"},{"type":"WEB","url":"https://github.com/aws/aws-advanced-nodejs-wrapper/releases/tag/2.0.1"},{"type":"WEB","url":"https://github.com/aws/aws-advanced-python-wrapper/releases/tag/1.4.0"},{"type":"WEB","url":"https://github.com/aws/aws-pgsql-odbc/releases/tag/1.0.1"},{"type":"WEB","url":"https://aws.amazon.com/security/security-bulletins/AWS-2025-028/"},{"type":"WEB","url":"https://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/2.6.5"},{"type":"ADVISORY","url":"https://github.com/aws/aws-pgsql-odbc/security/advisories/GHSA-q327-fgm8-7mxf"},{"type":"ADVISORY","url":"https://github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-7xw4-g7mm-r4hh"},{"type":"ADVISORY","url":"https://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-7wq2-32h4-9hc9"},{"type":"ADVISORY","url":"https://github.com/aws/aws-advanced-nodejs-wrapper/security/advisories/GHSA-8wj8-cfxr-9374"},{"type":"ADVISORY","url":"https://github.com/aws/aws-advanced-python-wrapper/security/advisories/GHSA-4jvf-wx3f-2x8q"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aws/aws-advanced-go-wrapper","events":[{"introduced":"0"},{"fixed":"a9c83b30a5cb7dbd4a2aa812da1d6dd6fa264d6a"}]},{"type":"GIT","repo":"https://github.com/aws/aws-advanced-jdbc-wrapper","events":[{"introduced":"0"},{"fixed":"213c5f857c3752a71683dd1c9417389a6a076229"}]},{"type":"GIT","repo":"https://github.com/aws/aws-advanced-nodejs-wrapper","events":[{"introduced":"0"},{"fixed":"741fc89e941134d8932b1af9e5dba7543561c1fd"}]},{"type":"GIT","repo":"https://github.com/aws/aws-advanced-python-wrapper","events":[{"introduced":"0"},{"fixed":"f74ee35bf3c732d7c65fec3869457f3e8fb43d62"}]},{"type":"GIT","repo":"https://github.com/aws/aws-pgsql-odbc","events":[{"introduced":"0"},{"fixed":"804fef474cb51bb0798a93464cc1f85455f27288"}]}],"versions":["0.1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.2.0","1.3.0","2.0.0","2.1.0","2.1.1","2.1.2","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3.8","2.3.9","2.4.0","2.5.0","2.5.1","2.5.2","2.5.3","2.5.4","2.5.5","2.5.6","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.6.6","2.6.7","2.6.8","3.0.0","3.1.0","3.2.0","3.3.0","auth-helpers/v1.0.0","auth-helpers/v1.0.1","auth-helpers/v1.0.3","auth-helpers/v1.0.4","auth-helpers/v1.0.5","aws-secrets-manager/v1.0.0","aws-secrets-manager/v1.0.1","aws-secrets-manager/v1.0.3","aws-secrets-manager/v1.0.4","aws-secrets-manager/v1.1.0","awssql/v1.0.0","awssql/v1.1.0","awssql/v1.2.0","awssql/v1.3.0","awssql/v1.4.0","custom-endpoint/v1.0.0","custom-endpoint/v1.0.1","custom-endpoint/v1.0.2","federated-auth/v1.0.0","federated-auth/v1.0.1","federated-auth/v1.0.3","federated-auth/v1.0.4","federated-auth/v1.0.5","iam/v1.0.0","iam/v1.0.1","iam/v1.0.3","iam/v1.0.4","iam/v1.0.5","mysql-driver/v1.0.0","mysql-driver/v1.0.1","mysql-driver/v1.0.3","mysql-driver/v1.0.4","mysql-driver/v1.0.5","okta/v1.0.0","okta/v1.0.1","okta/v1.0.3","okta/v1.0.4","okta/v1.0.5","otlp/v1.0.0","otlp/v1.0.1","otlp/v1.0.3","otlp/v1.0.4","otlp/v1.0.5","pgx-driver/v1.0.0","pgx-driver/v1.0.1","pgx-driver/v1.0.3","pgx-driver/v1.0.4","pgx-driver/v1.0.5","release-2025-07-31","release-2025-10-08","release-2025-12-04","release-2025-12-16","release-2026-02-03","xray/v1.0.0","xray/v1.0.1","xray/v1.0.3","xray/v1.0.4","xray/v1.0.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12967.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}